Closed timswanson-google closed 2 months ago
Since this is a breaking change for existing Board Servers -- they will need to update their config to continue to work properly -- I think this will be a major version bump for Board Server.
Reopening. Still need to remove (now unused) references to the table in code.
The CORS config for Board Server is currently configured using a document called
configuration/board-server-cors
in Firestorehttps://github.com/breadboard-ai/breadboard/blob/70445019c2da17e2deaabcee04d4bbb0cc2648b0/packages/board-server/src/server/store.ts#L132
Connection Server accomplishes this same thing using an
ALLOWED_ORIGINS
environment variable.https://github.com/breadboard-ai/breadboard/blob/70445019c2da17e2deaabcee04d4bbb0cc2648b0/packages/connection-server/src/index.ts#L16
The Connection Server approach is better for a number of reasons.
The set of allowed origins is a core configuration value, and is unlikely to change frequently (if ever), so having it in storage offers no additional value over having it in config.
Also, using an environment variable allows explicitly setting the value when running locally.
https://github.com/breadboard-ai/breadboard/blob/70445019c2da17e2deaabcee04d4bbb0cc2648b0/packages/connection-server/package.json#L39
Currently, Board Server accomplishes this by explicitly checking for "localhost" in code.
https://github.com/breadboard-ai/breadboard/blob/70445019c2da17e2deaabcee04d4bbb0cc2648b0/packages/board-server/src/server/cors.ts#L52-L56
Finally, there is an effort to decouple Board Server from Firestore (e.g. #2889). This is one such dependency that will need to be broken for this to happen.